This is a trusted, internal, private network. The only one who could do this is the application itself, or something rogue on our network. If something were running rogue on our network, there'd be worse things it could get access to.
I see, if this is private network then this is a nice simple solution for caching. We plan to implement S3-caching in minio [https://minio.io] (i.e it will authenticate the requests and also do caching) in case you'd be interested for public facing caching proxies.